Ensure geo-redundant backups are enabled for Azure MySQL Single Server

HIGH

Description

Enabling automatic backups can help prevent data loss for a MySQL server. Azure can create and save backups in either locally redundant or geo-redundant storage for greater resiliency, with geo-redundant storage providing the greatest availability. The maximum retention period for MySQL backup storage is 35 days, and backups are encrypted by default. For more information, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-backup

Remediation

At this time, the console UI does not have remediation steps available. For possible CLI remediation, see the product documentation (below) or use Terraform.

In Terraform -

  1. In the azurerm_mysql_server resource, set geo_redundant_backup_enabled to true.
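
One way to check a Terraform plan for this setting before apply, as an added example (not the scanner's own rule logic and not code from the referenced documentation). It assumes the plan was exported with `terraform show -json <planfile>`; the sample plan, its resource addresses and the function names are constructed for illustration.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output;
# every address and value below is made up for illustration.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_mysql_server.ok", "type": "azurerm_mysql_server",
             "values": {"sku_name": "GP_Gen5_2", "geo_redundant_backup_enabled": True}},
            {"address": "azurerm_mysql_server.local_only", "type": "azurerm_mysql_server",
             "values": {"sku_name": "GP_Gen5_2", "geo_redundant_backup_enabled": False}},
            {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}},
        ],
        "child_modules": [{
            "address": "module.db",
            "resources": [
                {"address": "module.db.azurerm_mysql_server.basic", "type": "azurerm_mysql_server",
                 "values": {"sku_name": "B_Gen5_1", "geo_redundant_backup_enabled": None}},
            ],
        }],
    }},
}

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return {address: reason} for MySQL servers without geo-redundant backups."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != "azurerm_mysql_server":
            continue
        values = res.get("values") or {}
        # Only an explicit boolean true passes; missing or null counts as not enabled.
        if values.get("geo_redundant_backup_enabled") is True:
            continue
        reason = "geo_redundant_backup_enabled is not true"
        # Per the azurerm provider docs, the Basic tier (B_ SKUs) does not support this setting.
        if str(values.get("sku_name", "")).startswith("B_"):
            reason += "; Basic tier SKU does not support geo-redundant backups"
        findings[res["address"]] = reason
    return findings

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN).items():
        print(f"{address}: {reason}")
```

For a Basic tier finding, setting the attribute alone is not enough: the server must move to a General Purpose or Memory Optimized SKU before geo-redundant backups can be enabled.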

References:
https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-backup
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#geo_redundant_backup_enabled

Policy Details

Rule Reference ID: AC_AZURE_0268
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: MySQL

Frameworks